Infrastructure, Cloud & Security Projects

Selected projects demonstrating hands-on delivery across DNS, identity, email migration, collaboration modernization, and hybrid infrastructure. Details are shared at a high level and are portfolio-safe.

GoDaddy to Cloudflare DNS Migration

Tags: Cloudflare DNS, SSL/TLS, Cutover, DMARC/SPF/DKIM

Objective: Migrate authoritative DNS from GoDaddy to Cloudflare to centralize DNS management, improve security posture, and simplify ongoing maintenance.

Preparation

  • Captured screenshots/exports of existing DNS records for rollback reference.
  • Documented A, CNAME, MX, TXT (SPF/DKIM/DMARC), and vendor verification records.
  • Identified records requiring DNS-only (mail, SaaS validation, third-party SSL/origin requirements).
  • Reduced TTL values ahead of cutover to minimize propagation delays.

Migration Execution

  • Imported records using Cloudflare DNS scan/copy and manually validated accuracy.
  • Confirmed all records copied correctly except NS records (replaced by Cloudflare nameservers).
  • Applied proxying selectively for public web services while keeping sensitive services DNS-only.
  • Updated nameservers at registrar and confirmed authoritative DNS cutover.

Issues & Mitigation

  • SSL conflicts: Origin hosting may manage certificates (mitigated by DNS-only where needed + correct SSL mode).
  • Validation failures: Proxy settings can break SaaS verifications (mitigated by switching impacted records to DNS-only).
  • Propagation timing: Regional differences during cutover (mitigated by TTL planning + staged validation).

Post-Migration Validation

  • Validated websites/subdomains and confirmed mail flow remained stable.
  • Enabled Cloudflare Universal SSL where appropriate and confirmed HTTPS behavior.
  • Verified DMARC/SPF/DKIM alignment and rechecked TXT-based verifications.
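
The pre/post record comparison used in the preparation and validation steps above, written out as an added example (not code from the original page). BEFORE and AFTER are constructed record sets standing in for the old provider's export and the imported Cloudflare zone; DNS_ONLY_HINTS is an assumed list of names that must stay DNS-only.

```python
"""Pre/post record comparison for an authoritative DNS migration (added example).

BEFORE/AFTER below are constructed: the export from the old provider and the zone
as imported at Cloudflare. NS records are expected to change and are skipped."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    value: str
    proxied: bool = False  # Cloudflare proxy flag; always False at the old provider

# Assumed list of name fragments that host mail/verification records (extend per zone).
DNS_ONLY_HINTS = ("mail", "autodiscover", "_acme-challenge", "_domainkey", "_dmarc")

def _key(r: Record) -> tuple[str, str, str]:
    return (r.name.lower().rstrip("."), r.rtype.upper(), r.value.strip().rstrip("."))

def compare_zones(before: list[Record], after: list[Record]) -> dict:
    """Report missing/extra records (NS excluded) and proxied records that must be DNS-only."""
    before_keys = {_key(r) for r in before if r.rtype.upper() != "NS"}
    after_keys = {_key(r) for r in after if r.rtype.upper() != "NS"}
    # Hosts named as MX targets must resolve to the real mail server, never the proxy.
    mx_targets = {r.value.split()[-1].lower().rstrip(".") for r in after if r.rtype.upper() == "MX"}
    must_be_dns_only = [
        _key(r) for r in after
        if r.proxied and (r.name.lower().rstrip(".") in mx_targets
                          or any(h in r.name.lower() for h in DNS_ONLY_HINTS))
    ]
    return {"missing": sorted(before_keys - after_keys),
            "extra": sorted(after_keys - before_keys),
            "proxied_must_be_dns_only": must_be_dns_only}

BEFORE = [  # constructed export from the old provider
    Record("example.com", "A", "203.0.113.10"),
    Record("example.com", "MX", "10 mail.example.com"),
    Record("mail.example.com", "A", "203.0.113.20"),
    Record("example.com", "TXT", "v=spf1 mx -all"),
    Record("_dmarc.example.com", "TXT", "v=DMARC1; p=quarantine"),
    Record("example.com", "NS", "ns1.old-provider.example"),
]
AFTER = [  # constructed zone after import: web A proxied (fine), mail proxied (wrong), DMARC lost
    Record("example.com", "A", "203.0.113.10", proxied=True),
    Record("example.com", "MX", "10 mail.example.com"),
    Record("mail.example.com", "A", "203.0.113.20", proxied=True),
    Record("example.com", "TXT", "v=spf1 mx -all"),
    Record("example.com", "NS", "cloudflare-ns.example"),
]
```

Running compare_zones(BEFORE, AFTER) reports the dropped DMARC record and the proxied mail host, which are exactly the two classes of issue the migration steps above guard against.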

Technologies: Cloudflare, GoDaddy, DNS, SSL/TLS, DMARC/SPF/DKIM, Proxy vs DNS-only

Microsoft 365 ↔ Google Workspace Calendar Interop (Free/Busy)

Tags: Microsoft 365, Identity, OAuth/API Integration, Interop

Objective: Enable cross-platform Free/Busy availability between Microsoft 365 and Google Workspace tenants to improve scheduling and cross-organization collaboration.

Preparation

  • Verified domain ownership and external sharing policies in both tenants.
  • Validated Exchange Online org relationship settings and availability configuration.
  • Prepared required service account/delegated access settings where applicable.

Implementation

  • Configured interoperability settings between Microsoft 365 and Google Workspace.
  • Implemented the required authentication settings and API permissions/scopes.
  • Mapped domains correctly so that Free/Busy queries were routed to the correct tenant.

Issues & Mitigation

  • Policy restrictions: Sharing scope can block lookups (mitigated by validating org settings + test accounts).
  • Scope mismatch: API permissions may not align (mitigated by verifying scopes and delegated access).
  • Propagation delay: Changes take time to apply (mitigated with staged testing and rechecks).

Post-Implementation Testing

  • Used test accounts to validate Free/Busy lookups in both directions.
  • Confirmed external visibility restrictions behaved as intended.
  • Validated experience across web/mobile clients where applicable.

Technologies: Microsoft 365, Exchange Online, Google Workspace, Calendar Interop, OAuth/API Permissions

Okta to Microsoft Entra ID SSO Migration

Tags: SSO, SAML 2.0, Entra ID, RBAC, Off-hours

Objective: Migrate SSO and identity provisioning from Okta to Microsoft Entra ID to centralize authentication, streamline access management, and align identity with Microsoft 365 infrastructure.

Planning & Preparation

  • Captured and documented Okta configuration (apps, groups, provisioning rules, license mappings).
  • Created pilot plan and tested with dedicated test accounts to validate authentication and provisioning.
  • Scheduled implementation during off-hours to minimize production impact.
  • Created internal admin/end-user tutorials and documented rollback approach.

Implementation

  • Recreated enterprise applications in Entra ID using gallery apps and custom SAML configurations.
  • Configured SAML trust, exchanged IdP metadata, and validated signing certificates.
  • Created security groups and assigned apps + license bundles using group-based access.
  • Configured provisioning and attribute mappings where supported.

Issues & Mitigation

  • Metadata mismatch: SAML endpoints/certs can drift (mitigated by re-exporting metadata + validating ACS/Entity IDs).
  • Provisioning failures: Scope and mapping issues (mitigated by reviewing attribute mappings + admin consent).
  • Password transition: Passwords typically don’t “move” (mitigated with comms + reset plan if needed).
  • Access errors: App roles/assignments can cause 404s (mitigated by role review + scoped testing).
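
The metadata re-export and ACS/Entity ID validation from the "Metadata mismatch" item, as an added example (not code from the original page or from Okta/Microsoft). METADATA is a constructed IdP metadata document with placeholder entity ID, endpoint and certificate bytes; CURRENT and STALE are assumed app-side SAML configurations.

```python
"""Compare an IdP's exported SAML metadata with what a relying app is configured to trust.

Added example, not from the original page. METADATA is constructed (placeholder entity ID,
endpoint and certificate bytes) and stands in for the metadata exported from the new IdP."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def parse_idp_metadata(xml_text: str) -> dict:
    """Pull entityID, SSO endpoints and SHA-256 fingerprints of signing certs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means both signing and encryption
            b64 = kd.find(".//ds:X509Certificate", NS).text
            fingerprints.append(hashlib.sha256(base64.b64decode("".join(b64.split()))).hexdigest())
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_sha256": fingerprints}

def check_drift(meta: dict, sp_config: dict) -> list[str]:
    """Return the mismatches that would make the app reject or misroute assertions."""
    problems = []
    if meta["entity_id"] != sp_config["idp_entity_id"]:
        problems.append(f"entityID: metadata={meta['entity_id']} app={sp_config['idp_entity_id']}")
    if meta["sso"].get(REDIRECT) != sp_config["sso_url"]:
        problems.append(f"SSO URL: metadata={meta['sso'].get(REDIRECT)} app={sp_config['sso_url']}")
    if sp_config["idp_cert_sha256"] not in meta["signing_sha256"]:
        problems.append("signing cert: app trusts a fingerprint absent from metadata (rotation/drift)")
    return problems

METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example/placeholder-tenant">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>AAECAwQFBgcICQ==</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# App-side configs (assumed): CURRENT matches the export; STALE still holds the old IdP's values.
CURRENT = {"idp_entity_id": "https://idp.example/placeholder-tenant", "sso_url": "https://idp.example/saml2",
           "idp_cert_sha256": hashlib.sha256(bytes(range(10))).hexdigest()}
STALE = {"idp_entity_id": "https://old-idp.example/placeholder", "sso_url": "https://idp.example/saml2",
         "idp_cert_sha256": "0" * 64}
```

check_drift(parse_idp_metadata(METADATA), STALE) lists the entityID and signing-certificate mismatches an app still pointed at the old IdP would show, while CURRENT yields an empty list.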

Post-Migration Validation

  • Verified login access across migrated apps with Entra ID as primary IdP.
  • Confirmed users were correctly federated and pointing to the new IdP.
  • Validated group-based access; reviewed sign-in/provisioning logs for stabilization.

Technologies: Okta, Microsoft Entra ID (Azure AD), SAML 2.0, RBAC, Microsoft 365, Provisioning

Intermedia to Microsoft 365 Email Migration

Tags: Microsoft 365, DNS, Staged Cutover, DR Backup, MigrationWiz

Objective: Migrate organizational email from Intermedia to Microsoft 365 to consolidate collaboration tools, improve security controls, and centralize administration.

Planning & Preparation

  • Documented mailboxes, groups, licenses, rules, forwarding, signatures, and delegated access.
  • Backed up mailboxes using a disaster recovery solution prior to migration.
  • Scheduled migration during off-hours and planned staged cutover to reduce risk.
  • Selected BitTitan MigrationWiz and validated source/destination readiness.

Migration Execution

  • Configured MigrationWiz projects and enabled “Do Not Duplicate Emails” to prevent mailbox inflation.
  • Performed staged migrations and rebuilt rules/forwarding/permissions in Microsoft 365 where needed.
  • Updated DNS records (MX, SPF, Autodiscover) to route mail flow to Microsoft 365.

Issues & Mitigation

  • Rules/forwarding/delegation gaps: Not all rules and delegated access migrate cleanly (mitigated by exporting inventories and rebuilding settings post-cutover).
  • Shared mailbox permissions: Send-As/Full Access may require reapplication (mitigated by documenting access models and validating with test users).
  • Archive/public folder complexity: Archives/public folders may require separate handling (mitigated by scoping early and using staged pilots).
  • Mail flow cutover risk: MX/SPF/Autodiscover timing can cause mixed routing (mitigated with staged DNS changes + monitoring message trace).
  • Client reprofiling impact: Outlook may require profile refresh/autodiscover updates (mitigated with user comms + quick support window during cutover).

Post-Migration Validation

  • Validated inbound/outbound email and mailbox data integrity.
  • Confirmed shared mailbox access, group membership, and forwarding behavior.
  • Monitored message trace/delivery reports and provided user support during transition.

Technologies: Intermedia, Microsoft 365, Exchange Online, BitTitan MigrationWiz, DNS (MX/SPF/Autodiscover)

VMware to Microsoft Azure Infrastructure Migration

Tags: VMware, Azure, VNet/NSG, RBAC, Cost Estimation

Objective: Migrate on-prem VMware workloads to Microsoft Azure to modernize infrastructure, improve scalability, and strengthen disaster recovery readiness.

Planning & Preparation

  • Audited VM inventory, dependencies, OS versions, and workload requirements.
  • Outlined Azure services: VMs, networking, backup, monitoring, secure admin access.
  • Used Azure Pricing Calculator to estimate costs and right-size workloads.
  • Reviewed licensing requirements including Windows Server licensing and CAL considerations.

Migration Strategy & Execution

  • Evaluated migration methods (recreate vs snapshot/backup restore workflows).
  • Provisioned Azure VMs aligned with workload requirements and segmented networking design.
  • Implemented NSGs to restrict admin access and enforce least-privilege network controls.
  • Migrated SQL workloads and validated application/database connectivity.
  • Configured backup policies for workload protection.

Issues & Mitigation

  • Dependency mapping: App/DB/service dependencies can be missed (mitigated via inventory + validation testing and staged moves).
  • Networking reachability: NSG/VNet rules can break east-west or admin access (mitigated using explicit allow-lists, test subnets, and documented ports).
  • RDP exposure risk: Public RDP is high risk (mitigated with restricted source IPs, jump access patterns, and least-privilege rules).
  • Performance/right-sizing: Incorrect VM sizing increases cost or reduces performance (mitigated by baseline metrics + right-size iterations).
  • Backup/restore expectations: Recovery testing is often skipped (mitigated by validating restore workflows and documenting RPO/RTO assumptions).
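
The NSG review behind the "Networking reachability" and "RDP exposure risk" items, as an added example (not code from the original page or from Microsoft). RULES is a constructed rule set using the field names of an `az network nsg rule list` export; the probe address and rule names are assumptions.

```python
"""Audit Azure NSG inbound rules for admin ports reachable from the Internet.

Added example, not from the original page. RULES is a constructed subset of the
fields `az network nsg rule list` returns, so the functions can be pointed at a real export."""
import ipaddress

ADMIN_PORTS = {3389: "RDP", 22: "SSH", 5985: "WinRM", 5986: "WinRM-HTTPS"}
PUBLIC_SOURCES = {"*", "Internet", "0.0.0.0/0", "::/0"}

def _port_match(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_match(spec: str, ip: str) -> bool:
    if spec in PUBLIC_SOURCES:
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:  # service tags (VirtualNetwork, AzureLoadBalancer, ...) never match a public probe
        return False

def effective_access(rules: list[dict], port: int, source_ip: str) -> tuple[str, str]:
    """First matching inbound rule by priority wins; Azure's default DenyAllInBound applies otherwise."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != "Inbound" or r["protocol"] not in ("*", "Tcp"):
            continue
        ports = r.get("destinationPortRanges") or [r["destinationPortRange"]]
        sources = r.get("sourceAddressPrefixes") or [r["sourceAddressPrefix"]]
        if any(_port_match(p, port) for p in ports) and any(_source_match(s, source_ip) for s in sources):
            return r["access"], r["name"]
    return "Deny", "DenyAllInBound"

def exposed_admin_ports(rules: list[dict]) -> list[tuple[str, str]]:
    """(service, rule name) pairs where an arbitrary Internet host would be allowed in."""
    hits = []
    for port, label in ADMIN_PORTS.items():
        access, rule = effective_access(rules, port, "203.0.113.5")  # constructed probe host (TEST-NET-3)
        if access == "Allow":
            hits.append((label, rule))
    return hits

RULES = [  # constructed: the second rule is the public-RDP mistake the page warns about
    {"name": "AllowRDPFromAdminNet", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "198.51.100.0/24", "destinationPortRange": "3389"},
    {"name": "AllowRDPAny", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
]
HARDENED = [r for r in RULES if r["name"] != "AllowRDPAny"]
```

exposed_admin_ports(RULES) names the offending rule, while HARDENED keeps RDP reachable only from the documented admin range and falls through to the default deny for everyone else.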

Post-Migration Validation

  • Validated connectivity and secure remote administration approach.
  • Confirmed database accessibility and application functionality.
  • Verified RBAC scope and tested backups/recovery workflows.

Technologies: VMware ESXi/vSphere, Microsoft Azure, Azure VMs, VNet, NSG, Azure Backup, RBAC, PowerShell

On-Prem File Shares to SharePoint Online Migration

Tags: SharePoint Online, Cloud Migration, Permissions, Cutover, Data Governance

Objective: Modernize file storage by migrating on-prem file shares to SharePoint Online to improve collaboration, remote access, and governance.

Preparation

  • Validated SharePoint information architecture (sites, libraries, folder strategy).
  • Cleaned up legacy data (duplicates, stale folders) and confirmed retention requirements.
  • Installed SharePoint Migration Tool (SPMT) on a host with access to file shares.
  • Mapped access approach (SharePoint groups vs direct permissions) and scoped ownership.
  • Reviewed SharePoint constraints (path length, invalid characters, blocked file types).

Migration Execution

  • Authenticated to Microsoft 365 using a migration/admin account.
  • Selected source file shares and targeted SharePoint destination libraries.
  • Validated destination URLs and scoped libraries before execution.
  • Executed pilot migrations first, then moved to staged migrations before final cutover.

Issues & Mitigation

  • Permission parity: NTFS permissions don’t always map 1:1 (mitigated by standardizing SharePoint groups and inheritance strategy).
  • File constraints: Path/character/file-type restrictions (mitigated by pre-scan + remediation of invalid items).
  • Large libraries: Performance and structuring concerns (mitigated with staged moves + library design planning).

Post-Migration Validation

  • Validated user access and confirmed key content was accessible by the correct roles.
  • Confirmed sync and collaboration behavior (versioning, co-authoring) where applicable.
  • Documented new access model and provided user guidance for SharePoint/OneDrive usage.

Technologies: SharePoint Online, SPMT, Microsoft 365, Permissions/Groups, Information Architecture

Hybrid Identity + Endpoint Management (Azure AD Connect + Windows/macOS MDM)

Tags: Entra ID, Azure AD Connect, Compliance, Health Monitoring, Device Management

Objective: Establish a reliable hybrid identity foundation and standardize device management for Windows and macOS endpoints using Entra ID integration and MDM policies.

Preparation

  • Reviewed and organized AD OU structure, groups, and naming conventions.
  • Removed/disabled stale accounts and corrected duplicates/conflicting identities.
  • Planned sync scope (OU filtering) and required identity attributes.
  • Confirmed enrollment strategy for Windows/macOS (corporate vs BYOD, compliance baselines, restrictions).

Integration

  • Installed Azure AD Connect on a designated server with appropriate admin roles.
  • Configured sign-in method and OU filtering to control sync scope.
  • Validated synchronization health and ensured expected objects appeared in Entra ID.
  • Aligned endpoint enrollment policies and baseline configuration profiles for Windows and macOS.

Issues & Mitigation

  • Attribute conflicts: Duplicate accounts or mismatched attributes (mitigated by cleanup + aligning UPN/proxy addresses).
  • Over-syncing: Broad OU selection increases risk (mitigated via tight OU filtering + staged rollout).
  • Enrollment friction: Restrictions or OS requirements can block enrollment (mitigated by aligning policies with supported OS versions and enrollment profiles).

Post-Integration Validation

  • Verified Azure AD Connect Health status and sync schedules.
  • Confirmed sign-in behavior and tested conditional access/compliance where applicable.
  • Validated device enrollment results and reporting for Windows/macOS endpoints.

Technologies: Active Directory, Microsoft Entra ID (Azure AD), Azure AD Connect, Intune MDM, Windows, macOS